@GRAY Mike Thanks for reaching out. It looks like you are trying to restrict outbound traffic from your Azure Function App to the public internet and instead route it through your VNet. The "Application Routing (Outbound Internet)" flag in the Function App settings controls whether outbound traffic from your app is routed through the VNet integration or directly to the public internet.
When this flag is set to "On", outbound traffic from your app is routed through the VNet integration, and when it is set to "Off", outbound traffic is sent directly to the public internet.
However, please note that this flag only controls outbound traffic from your app and does not affect inbound traffic to your app. In other words, it will not affect the traffic coming into your app from Event Grids.
Regarding your question about directing traffic for functions to event grids to be internal only, unfortunately, it is not currently possible to deliver events using private endpoints with Event Grids. However, you can use a private link configured in Azure Functions or your webhook deployed on your virtual network to pull events. This means that the traffic goes over the public IP/internet from Event Grid to Event Hubs, Service Bus, or Azure Storage, but the channel can be encrypted, and a managed identity of Event Grid is used. If you configure your Azure Functions or webhook deployed to your virtual network to use an Event Hubs, Service Bus, or Azure Storage via private link, that section of the traffic will evidently stay within Azure.
Please 'Accept Answer' if it helped so that it can help others in the community looking for help on similar topics.